The Future of Cybersecurity: How Will We Protect Ourselves in the Years to Come?
- Netacea, Agentless Bot Management
11 minutes read
Cyberthreats are one of the most significant challenges facing society today. From illegal political influence to personal data theft, cyberattacks are already posing a huge problem for governments, businesses, and individuals. And as attacks become more sophisticated, it’s getting harder to protect ourselves online.
So, what can we expect from the future of cybersecurity? Is it possible to keep up with the speed and complexity of these advancing attacks?
With rapidly evolving threats that are increasingly difficult to detect, it’s no surprise that Google search volumes for cybersecurity have increased more than tenfold over the last ten years.
Despite this, only 50% of US businesses have a cybersecurity plan in place in 2022 — and almost a quarter spend less than $500 a month on cybersecurity.
So, is this enough to protect your business from increasingly sophisticated online attacks now and in the future? In this article, cybersecurity experts share what the future of cybersecurity holds for individuals and businesses alike — and how we can prepare for these fast-approaching challenges.
The state of cybersecurity in 2022
According to a 2022 survey, the most common cyberattacks on small businesses so far this year are:
- Ransomware — 19%
- Compromised/stolen devices — 17%
- Phishing — 17%
- Malware — 17%
- Credential theft/social engineering — 11%
- Insider attacks — 11%
- Other attack types — 7%
ZDNet cybersecurity journalist Charlie Osborne believes many of these threats will continue to impact small businesses. “SMBs will face the same issues as before — phishing attempts, spam, and business email compromise will be their major threats.” In a Microsoft survey, most security professionals agreed that phishing campaigns increased more than any other cyber threat during the Covid-19 pandemic.
But ransomware tops the table — and cybersecurity experts predict that this will be one of the biggest challenges we face in the coming years.
The top three cybersecurity threats facing us in the future
Netacea’s head of threat research, Matthew Gracey-McGinn, acknowledges the difficulty in forecasting the future of cybersecurity. “It’s very hard to predict upcoming threats in cybersecurity, due to how quickly technology is moving on and the constant requirement for attackers to innovate and come up with new ideas.”
But there are indicators and insights that suggest where the future of cybersecurity is headed. Here, cybersecurity journalists, academics, and threat researchers reveal what they believe are the biggest upcoming cybersecurity threats.
“When it comes to enterprises,” Charlie says, “I believe we will continue to see an escalation in ransomware.”
Ransomware enables attackers to steal data, then demand money for its return — and it’s already a significant problem for businesses. In 2021, the average cost of a ransomware attack was $4.62 million. Increasingly, these attacks happen because of ransomware-as-a-service, in which RaaS providers create ransomware programs and sell them to attackers, who unleash them on businesses.
Every expert we asked mentioned ransomware as one of the biggest future threats. “Ransomware attacks have been a major concern for businesses for some years,” says Matthew. “They’re a highly profitable attack vector for cybercriminals to pursue. We’ve already seen attackers doubling down on ransoms by demanding one ransom for decryption keys for computers, and a second for returning stolen data without releasing it publicly.”
Releasing stolen data puts companies at risk of significant data breach fines. According to security researcher and engineer Xianghang Mi, “Data breaches will continue to rank as the top threat facing businesses, and they will occur through myriad channels, including ransomware attacks.”
And it’s likely that cybercriminals will take ransomware attacks even further in future. “As legislators explore ideas around punishing companies that pay ransoms, we may well see a third avenue for extortion develop,” Matthew says. “Ironically, criminals may demand additional hush money from their victims to not report the paying of the ransom to law enforcement.”
Abuse of artificial intelligence and machine learning
AI and machine learning present opportunities for businesses. But in the wrong hands, they can cause serious cybersecurity problems. Xianghang Mi believes “the abuse and misuse of AI techniques will ramp up to become the biggest threat facing businesses.”
“We have already begun to see advanced cyber actors employing AI and machine learning technologies in their offensive actions,” says Matthew. “They use them to overcome defenses and bypass security faster than any human can reasonably be expected to react to.”
Timeliness is a huge barrier to successful cybersecurity. “Exploding amounts of data [...] and the evolution of data rates are forcing fully-automated analysis,” Robert Koch writes. “On the other hand, unacceptable false alarm rates still render pure machine-based evaluation useless for numerous real-world applications. This forces a human-in-the-loop to supervise the detection process. While this strongly affects real-time capabilities, it is currently inevitable in productive networks.”
Striking a balance between speed and accuracy is essential for efficient cybersecurity. A machine learning engine can understand threats far more quickly than humans can — but you must be sure of its threat detection accuracy. Netacea’s bot management software has an industry-low false positive rate of 0.001%, making it one of the fastest, most accurate threat detection systems.
Quantum computers use quantum mechanics to solve highly complex problems. It’s still a relatively young field — but soon there will be an exponential rise in cyberattacks based in quantum computing technology.
“In the next five to ten years, quantum computing — and its effect on traditional cryptography — poses a great threat,” says Cyril Noel-Tagoe, Netacea’s principal security researcher. “Modern cryptographic algorithms are built on mathematical problems that are difficult for traditional computers to solve. But these problems won’t be as difficult for quantum computers, vastly reducing the effectiveness of modern cryptography.”
Quantum computing isn’t yet developed enough to pose a significant problem in the next couple of years. But many advanced cybercriminals are already preparing to use these sophisticated processes for their own gains.
“We’re already seeing nation states and advanced criminal actors gathering valuable but encrypted data that they can’t yet decrypt, in preparation for when quantum decryption becomes a viable solution,” says Matthew. “This is likely to render current defensive methods and tools obsolete.”
How will the world change in response to these threats?
As these threats draw ever closer, it’s not just cybersecurity experts who must prepare. Businesses, individuals, and governments will be impacted by these changes. So, what’s likely to change as the future of cybersecurity draws nearer?
Governments are notoriously slow to legislate for online developments. But this will start to change as governments see the political and social impact of lack of control over the cyber domain. Take the Facebook—Cambridge Analytica scandal — selling data to an unauthorized third party likely had a significant influence on both the 2016 US presidential election and the UK Brexit referendum.
“Up to now, it’s largely been a bit of a free-for-all,” says Matthew, **“**but governments are starting to see the need to increasingly legislate the cyber domain as an independent area, rather than extending existing legislation to cover the Internet as well as the physical world.
“Governments are likely to set standards to improve cybersecurity and get much more hands-on in working with critical industries like healthcare and energy to ensure they’re protected. There have also been suggestions of creating international standards around the cyber domain.”
Cyril believes this will particularly impact ransomware attackers. “Governments will have to take a tougher stance on the payment of ransoms to reduce the profitability of the attack to threat actors. Organizations like the National Cyber Security Centre and the Information Commissioner's Office in the UK have recently asked law firms not to advise clients to pay ransomware demands. This stance is likely to be formalized into legislation or regulation around ransomware payments in many countries.”
Cyberwarfare is already of huge international concern. The Center For Strategic and International Studies tracks the most significant cyber incidents affecting international political and military organizations. In 2022, 77 major incidents had already been recorded by August.
“Destructive cyberattacks are likely to form part of the cyberwarfare arsenal for nation states,” says Cyril, “a step change from the primarily disinformation and denial of service-focused attacks we’ve seen so far.”
“In some cases, we’ve already begun to see governments using military cyberwarfare capabilities,” Matthew notes, “especially in response to attacks on private companies where those companies perform vital services to the country.”
This is a major concern for geopolitical relations — not least because there’s currently no widely accepted definition of what exactly cyberwarfare is. Without this, it’s difficult to recognize when cyberwarfare is occurring, let alone deploy effective countermeasures.
Increased focus on data protection
Data and privacy protection is familiar to most internet users. But as cyberattacks intensify, organizations will take this more seriously than ever.
“These threats will impact how organizations collect, store, and make use of various data,” says Xianghang Mi, “so as to fulfill the requirements of data protection regulations.
“To address data breaches, businesses may decide to keep data where it’s generated, instead of uploading it and storing it on a server. As researchers, we must build up the necessary theories, algorithms, and practical systems to enable a trustworthy cyberspace that is immune to attacks and threats.”
How can businesses protect themselves from future cyber threats?
According to cybersecurity experts, there are several ways businesses should upgrade their cybersecurity systems in the face of these future online threats:
- Cybersecurity insurance — insuring your business against cyberattacks “will become as common as car or equipment insurance,” says Charlie
- Use zero-trust models of protection — Charlie also expects more businesses to use the ‘never trust, always verify’ principle to keep their systems secure
- Invest in cybersecurity — Matthew expects to see “even smaller companies investing significantly in cybersecurity to protect themselves from the impact of an attack,” while Cyril believes business will invest particularly heavily in AI-based security systems
- Protect your API — “APIs have rapidly become the backbone of the digital economy and will become even more critical as more internet connected devices are brought to market,” says Cyril.
“The growing rate of cyberattacks is making it increasingly unviable for large businesses to operate without cybersecurity functions,” says Matthew. “There is an increasing realization that effective cybersecurity can significantly reduce the risk of a major attack leading to a data breach or loss of operations.
“At Netacea, we’re currently looking to protect web applications and APIs. Increasingly people are interacting with businesses online, and the online world is becoming more and more entangled with the physical. This creates new avenues for attacks on businesses and their customers. We help businesses protect these avenues of attack and thus act with greater confidence.”
Experts are also researching quantum-safe cryptography to prevent decryption when this technology becomes widely available. But Cyril warns, “This will not protect information attackers have stolen in advance and are waiting to break with quantum computing.”
Any type of cyberattack can endanger profitability, reputation, and customer trust. So, as we enter a new age of cybersecurity, it’s essential to have strong protection in place. Netacea has been recognized by both Forrester and Gartner for its effective threat detection and bot management capabilities. Watch our two-minute demo to find out more.
Schedule Your Demo
Tired of your website being exploited by malicious malware and bots?We can help
Subscribe and stay updated
Insightful articles, data-driven research, and more cyber security focussed content to your inbox every week.